How we managed to use Tripwire for detecting intrusions

We should all be aware that security is very important for our servers. Staying informed about changes to the server file system is always important, as unauthorized access could very well breach security. Here comes our saviour, Open Source Tripwire, a free security and data integrity tool useful for monitoring and alerting on specific file changes on a range of systems.

Open Source Tripwire functions as a host-based intrusion detection system. It detects changes to file system objects and alerts the server administrator.

Installation and Configuration

Install Tripwire using apt-get install:

$ sudo apt-get install tripwire

The next step is to create a site key. Tripwire requires a site passphrase for securing the tw.cfg config file and the tw.pol policy file. Just select <Yes> and proceed.

A local key passphrase is required to protect the tripwire database and report files. We need to select <Yes> and proceed.

The Tripwire configuration is saved in the /etc/tripwire/twcfg.txt file. It is used to generate the encrypted configuration file tw.cfg. Rebuild the Tripwire configuration file.

Rebuild the Tripwire policy file. Tripwire policies are saved in the /etc/tripwire/twpol.txt file and are used to generate the encrypted policy file tw.pol.

Configure Tripwire before generating the baseline database. It is necessary to disable a few policies such as /dev, /proc, /root/mail, etc. The details of a twpol.txt file are given below:
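One way to script the "disable a few policies" step, shown as an added example rather than the article's own twpol.txt: the function comments out the rules for the listed objects in a policy file. The policy excerpt is constructed for illustration, and the names sample_policy and disable_twpol_paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed excerpt in twpol.txt syntax ("object -> mask ;", "#" comments).
sample_policy() {
    cat <<'EOF'
(
  rulename = "Devices & Kernel information",
  severity = $(SIG_HI),
)
{
    /dev        -> $(Device) ;
    /dev/kmem   -> $(Device) ;
    /proc       -> $(Device) ;
}
(
  rulename = "Root config files",
  severity = 100
)
{
    /root       -> $(SEC_CRIT) ;
    /root/mail  -> $(SEC_CONFIG) ;
}
EOF
}

# disable_twpol_paths POLICY_FILE PATH...
# Prints the policy with each rule whose object name is exactly one of PATH...
# commented out. Child objects such as /dev/kmem and already-commented
# lines are left untouched. Paths containing spaces are not handled.
disable_twpol_paths() {
    policy=$1; shift
    awk -v paths="$*" '
        BEGIN { n = split(paths, p, " "); for (i = 1; i <= n; i++) skip[p[i]] = 1 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)      # drop indentation
            split(line, f, /[ \t]+/)      # f[1] = object name
            if (line ~ /->/ && (f[1] in skip)) { print "#" $0; next }
            print
        }' "$policy"
}

# Demo on the constructed excerpt; on a real host, run the function on a
# copy of /etc/tripwire/twpol.txt and review the result before rebuilding tw.pol.
tmp=$(mktemp)
sample_policy > "$tmp"
disable_twpol_paths "$tmp" /dev /proc /root/mail
rm -f "$tmp"
```

After the edited twpol.txt is in place, the encrypted tw.pol is regenerated from it (twadmin --create-polfile) and the baseline database is created (tripwire --init).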
